United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



10/696,629



FILING DATE 



10/29/2003 



33031 7590 03/31/2008 

CAMPBELL STEPHENSON LLP 
11401 CENTURY OAKS TERRACE 
BLDG. H, SUITE 250 
AUSTIN, TX 78758 



FIRST NAMED INVENTOR 



Michael R. Smith 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



NOBAHAR, ABDULHAKIM 



PAPER NUMBER 



DELIVERY MODE 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 





Application No. 

10/696,629 


Applicant(s) 

SMITH, MICHAEL R. 


Examiner 

ABDULHAKIM NOBAHAR 


Art Unit 

2132 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 29 October 2003.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-118 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-118 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [X] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 29 October 2003 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s)

1) [X] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) Information Disclosure Statement(s) (PTO/SB/08)
   Paper No(s)/Mail Date 11/07/2005, 05/06/2005, 12/29/2003.
4) [ ] Interview Summary (PTO-413)
   Paper No(s)/Mail Date. .
5) [ ] Notice of Informal Patent Application
6) [ ] Other: .



PTOL-326 (Rev. 08-06)



Office Action Summary 



Part of Paper No./Mail Date 20080324 



Continuation Sheet (PTOL-326) 






Application/Control Number: 10/696,629 Page 2 

Art Unit: 2132 

DETAILED ACTION 

Specification 

Claims 2, 11, 14, 27, 34, 38, 39, 53, 57, 58, 72, 76, 77, 87, 95 and 99 are
objected to under 37 CFR 1.75(c), as being of improper dependent form for failing to
further limit the subject matter of a previous claim. Applicant is required to cancel the
claim(s), or amend the claim(s) to place the claim(s) in proper dependent form, or
rewrite the claim(s) in independent form.

Claims 2, 11, 34, 38, 53, 57, 72, 76, 87, 95 and 99 do not provide any further
limitations to the base claims, because these claims by reciting "security level
information represents a security level" only provide further explanation not a step
function to a method or a physical component to a network device. Even the
specification is silent and does not provide any explanation with regard to this issue.

Claims 14, 39, 58 and 77 recite a limitation which already exists in claims 1, 33
and 52, respectively, therefore it is redundant.

Claim 27 recites "performing said processing on said packet based on said
comparing" which is basically the same as "indicating processing to be performed on
said packet based on said comparing" in claim 1, therefore it is redundant.

The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction
of the following is required: Claims 71-73 and 83-89 recite means for executing different 
steps of the instant invention, but the specification does not provide any description for 
the means.

Claim Objections

Claim 6 is objected to because of the following informalities: This claim recites to 
set the security level of the port, but does not specify to what level or state. Appropriate 
correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 18, 32, 94 and 116 are rejected under 35 U.S.C. 112, second paragraph,
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

Claim 18 recites the limitation "third security level information" in lines 2 and 3. 
There is insufficient antecedent basis for this limitation in the claim. 

Claim 32 is indefinite because if the subnetwork security information comprises 
the first security level information which is the security information of a packet according 
to claim 1, then there is no need for stripping the network security information from the
packet as recited in claim 30 because the network security information comprises the
first security level information according to claim 31.

Claim 94 recites the limitation "second security level" in line 3. There is 
insufficient antecedent basis for this limitation in the claim. 

Claim 116 recites the limitations "said media access control" in line 2 and "said 
VLAN identifier" in line 4. There is insufficient antecedent basis for these limitations in
the claim.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 52-74, 83-89 and 104-118 are rejected under 35 U.S.C. 101 because the 
claimed inventions are directed to non-statutory subject matter. 

Claims 52-70 recite a computer program product comprising a set of instructions,
which form an assemblage of computer executable codes. The descriptions or expression
of programs are not physical "things". They are neither computer components nor
statutory processes, as they are not "acts" being performed. Thus, these claims recite
non-statutory subject matter.

Claims 71-73 and 83-89 include limitations that recite means for executing
different steps of the claimed invention. According to paragraphs [078] through [082] of
pages 24 and 25 in the specification these steps are executed by software modules. Thus, the
recited means are software modules and are not patentable. Accordingly, claims 71-73
and 83-89 are not statutory.

Claims 104-118 in the preambles claim a network device, but the limitations of 
these claims either recite the constituents of an access control list (claims 104-111) or
recite the constituents of a forwarding table (claims 112-118) which are not physical
"things". Consequently, the claimed inventions in these claims are data structure
objects, which are functional descriptive material and are not patentable. Thus, the
claimed inventions in these claims do not fulfill the requirements of 35 U.S.C. 101 and
are non-statutory. 

Claim Rejections - 35 USC § 102 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-118 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Williams (US 6,304,973 B1). 

With regard to claims 1, 2, 11, 14, 27, 33, 34, 38, 39, 49, 52, 53, 57, 68, 71, 72,
76, 77, 87, 90, 94-96, 99, 101 and 109, Williams discloses:
A method and a system comprising: 
a network interface (see, e.g., abstract and 45-52); 
a processor (see, e.g., col. 19, lines 25-40); 

computer readable medium coupled to said processor (see, e.g., col. 19, lines 
25-40); 

computer code, encoded in said computer readable medium (see, e.g., col. 19, 
lines 25-40), 

comparing first security level information and second security level information 
(see, e.g., col. 6, line 66; col. 12, lines 42-67; col. 13, lines 22-30, where the security 
level of a host is the criteria to receive data; col. 14, lines 61-64), wherein said first 
security level information is stored in a security label of a packet received at a network 
node (see, e.g., col. 13, lines 38-54), and
said second security level information is stored at said network node (see, e.g.,
col. 13, lines 22-43); and 

indicating processing to be performed on said packet based on said comparing 
(see, e.g., col. 13, lines 44-60, where the security device configured to permit packets 
labeled at multiple levels to pass corresponds to the recited indicating processing to be 
performed on the packet based on the result of comparing the security levels of the 
packet and the device). 

With regard to claims 3, 105 and 106, Williams discloses: 
The method of claim 2, wherein 

said first security level and said second security level implement one of a multi-level
security paradigm (see, e.g., col. 13, lines 44-60) and a multi-lateral security
paradigm (see, e.g., col. 5, lines 10-13; col. 6, lines 27-31, where multiple trusted VPNs 
provide trust among multiple hosts that corresponds to the recited multi-lateral security 
paradigm). 

With regard to claim 4, an Official notice is taken of the following: the method of 
claim 2, wherein said security label is one of an enumerated security label and a bitmap 
security label. 

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to utilize a security label in the types of an enumerated security
label and a bitmap security label, because they are the types set by the "Standard
Security Label for Information Transfer", FIPS PUB 188, of NIST published in
September 1994.

With regard to claims 5, 91 and 98, Williams discloses: 

The method of claim 2, wherein said second security level is a security level of a 
port of said network node (see, e.g., col. 3, lines 45-50; col. 5, lines 30-40). 

With regard to claims 6 and 93, Williams discloses: 
The method of claim 5, further comprising: 

setting said security level of said port (see, e.g., col. 12, lines 52-55; col. 24, lines 
19-25). 

With regard to claims 7, 36, 40, 74, 78, 104, 107, 108, 110 and 111, Williams
discloses:

The method of claim 6, wherein said setting said security level of said 
port comprises: 

storing said second security level in a security label information field of an 
access control list entry (see, e.g., col. 1, lines 44-55; col. 5, lines 14-17; col. 6, line 66, 
where the security device has and enforces a security policy which implies that the 
security device has an access control list with entries). 



With regard to claims 8, 37, 41, 56, 60, 75, 79, 112 and 114, Williams discloses:
The method of claim 6, wherein said setting said security level of said port
comprises: 

storing said second security level in a label range information field of a 
forwarding table entry (see, e.g., col. 14, lines 10-14 and 20-30). 

With regard to claim 9, Williams discloses: 
The method of claim 2, wherein said processing comprises: 
dropping said packet, if said comparing indicates that said first security level is 
less than said second security level (see, e.g., col. 13, lines 55-63).

With regard to claim 10, Williams discloses:

The method of claim 2, wherein said processing comprises at least one of 
dropping said packet, redirecting said packet and rewriting said security label (see, e.g., 
col. 13, lines 55-63; col. 17, lines 28-36, where directing to a printer corresponds to the 
recited redirecting; col. 15, lines 13-16, where labeled at the correct level corresponds 
to the recited rewriting said security label). 

With regard to claims 12 and 100, Williams discloses: 
The method of claim 11, wherein

said security levels are a range of security levels (see, e.g., col. 13, lines 5-9). 

With regard to claim 13, Williams discloses: 

The method of claim 12, wherein said processing comprises:
dropping said packet, if said comparing indicates that said first security level is
not within said range of security levels (see, e.g., col. 13, lines 10-21). 

With regard to claims 15, 55 and 59, Williams discloses: 
The method of claim 14, wherein said storing comprises: 
storing said second security level in a security label information field of an 
access control list entry (see, e.g., col. 1, lines 44-55; col. 5, lines 14-17; col. 6, line 66, 
where the security device has and enforces a security policy which implies that the 
security device has an access control list with entries; col. 14, line 65).

With regard to claim 16, Williams discloses:
The method of claim 14, wherein said storing comprises: 
storing said second security level in a label range information field of a 
forwarding table entry (see, e.g., col. 14, lines 10-14 and 20-30). 

With regard to claims 17, 42, 61, 80 and 102, Williams discloses: 
The method of claim 14, wherein said storing comprises: 

communicating said second security level from a first network node by registering 
said second security level in a context (see, e.g., col. 11, lines 5-10; col. 13, lines 38-43; 
col. 14, line 1). 

With regard to claims 18, 43, 62 and 81, Williams discloses: 
The method of claim 17, wherein said registering comprises:
updating said second security level information by logically OR'ing third security
level information with said second security level information (see, e.g., col. 12, lines 41- 
50, where combination of the security levels corresponds to the recited OR'ing the 
security levels). 

With regard to claims 19, 44, 63, 82 and 103, Williams discloses: 
The method of claim 17, wherein 

said context is a generic attribute registration protocol information propagation 
context (see, e.g., col. 4, lines 24-36; col. 18, lines 11-19), and 

said registering said second security level is accomplished by said first network 
node issuing a join request (see, e.g., col. 15, lines 1-16). 

With regard to claim 20, Williams discloses: 

The method of claim 14, wherein said storing comprises: 

storing said second security level in a label range information field of forwarding 
table (see, e.g., col. 14, lines 10-14 and 20-30). 

With regard to claim 21, Williams discloses: 

The method of claim 14, wherein said storing comprises: 

storing said second security level in a port of said network node (see, e.g., col. 3, 
lines 45-50; col. 5, lines 30-40). 

With regard to claims 22 and 92, Williams discloses:
The method of claim 21, wherein

said port is an egress port (see, e.g., Fig. 2, where the security device is an 
egress device located at the edge of the network). 

With regard to claims 23, 45, 64 and 83, Williams discloses: 

The method of claim 2, further comprising: 

determining said first security level (see, e.g., col. 7, lines 1-4). 

With regard to claims 24, 47, 66 and 85, Williams discloses: 

The method of claim 23, wherein said determining comprises: 

determining if an ingress port is marked as an access port (see, e.g., col. 7, lines
1-4); and

setting a security level of said ingress port to said first security level, if said 
ingress port is marked as an access port (see, e.g., col. 7, lines 13-20; col. 16, lines 26- 
33). 

With regard to claims 25, 48, 67 and 86, Williams discloses: 
The method of claim 24, further comprising: 

setting said first security level information to said security level of said ingress 
port (see, e.g., col. 15, lines 10-16). 



With regard to claims 26, 46, 65 and 84, Williams discloses:
The method of claim 23, further comprising:
authenticating a user having said first security level, wherein 
said determining is performed only if said user is authenticated (see, e.g., col. 3, 
lines 29-37; col. 4, lines 53-61; col. 7, lines 5-10). 

With regard to claims 28, 50, 69 and 88, Williams discloses: 
The method of claim 27, wherein said performing said processing 
comprises: 

forwarding said packet, if said indicating indicates that said packet is allowed 
to be forwarded; and 

dropping said packet, otherwise (see, e.g., col. 13, lines 10-21 and 55-63). 

With regard to claim 29, Williams discloses: 
The method of claim 27, wherein said performing said processing 
comprises: 

forwarding said packet to a firewall, if said indicating indicates that said packet 
should be forwarded to said firewall (see, e.g., col. 7, lines 24-32). 

With regard to claims 30, 51, 70, 89 and 97, Williams discloses:
The method of claim 2, further comprising: 

stripping network security information from said packet; and adding subnetwork 
security information to said packet (see, e.g., col. 7, lines 1-5; col. 15, lines 13-16,
where labeling the packet to a correct level for transmission corresponds to the recited
stripping... and adding security information). 

With regard to claim 31, Williams discloses: 
The method of claim 30, wherein 

said network security information comprises said first security level 
information (see, e.g., col. 7, lines 13-22, where the passing of the packet through the 
security device to access a network implies that the security level of the network either 
is the same as the security level of the security device or at acceptable range and the 
security level of the packet is acceptable by security device). 

With regard to claim 32, Williams discloses: 
The method of claim 30, wherein 

said subnetwork security information comprises said first security level 
information (see, e.g., col. 7, lines 13-22, where the passing of the packet through the 
security device to access a network implies that the security level of the network either 
is the same as the security level of the security device or at acceptable range and the 
security level of the packet is acceptable by security device). 

With regard to claims 35, 54 and 73, Williams discloses: 
The computer system of claim 34, wherein said computer code is further 
configured to cause said processor to:
set said security level of a port (see, e.g., col. 12, lines 52-55; col. 24, lines 19-
25), wherein 

said second security level is a security level of said port of said network node 
(see, e.g., col. 3, lines 45-50; col. 5, lines 30-40). 

With regard to claim 113, Williams discloses: 

The network device of claim 112, wherein said at least one forwarding 
table entry further comprises: 

a port identifier field, wherein a port identifier stored in said port identifier field 
identifies a port (see, e.g., col. 6, lines 58-65; col. 15, lines 8-16 and line 66). 

With regard to claim 115, Williams discloses: 

The network device of claim 113, wherein said at least one forwarding 
table entry further comprises: 

a media access control (MAC) address field (see, e.g., col. 5, lines 14-17; col. 6, 
lines 66-); and 

a virtual local area network (VLAN) identifier field, wherein a combination of said 
MAC address field and said VLAN identifier field are associated with said port identifier 
field and said label range field (see, e.g., col. 5, lines 30-43; col. 11, lines 25-32; col. 26, 
lines 1-11). 

With regard to claim 116, Williams discloses:
The network device of claim 113, wherein

said media access control (MAC) address field is configured to store a MAC 
address (see, e.g., col. 5, lines 14-17; col. 6, lines 66-), 

said VLAN identifier field is configured to store a VLAN identifier,
said VLAN identifier identifies a VLAN, and 

a combination of said MAC address and said VLAN identifier identify said port 
and said security label (see, e.g., col. 5, lines 30-43; col. 11, lines 25-32; col. 26, lines 1- 
11). 

With regard to claim 117, Williams discloses: 
The network device of claim 114, wherein said at least one forwarding 
table entry further comprises: 

a media access control (MAC) address field configured to store a MAC 
address (see, e.g., col. 5, lines 14-17; col. 6, lines 66-), wherein 
said MAC address is associated with a security label stored in said 
label range field (see, e.g., col. 13, lines 1-9). 

With regard to claim 118, Williams discloses:

The network device of claim 112, wherein said at least one forwarding table entry 
further comprises: 

a virtual local area network (VLAN) identifier field, wherein a VLAN identifier 
stored in said VLAN identifier field identifies a VLAN (see, e.g., col. 5, lines 30-43; col. 
11, lines 25-32; col. 26, lines 1-11), and
said VLAN is associated with a security label stored in said label range field (see,
e.g., col. 13, lines 1-9). 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

US patent application publication no. 2002/0035635 A1 to Holden et al. 

US patent no. 6,973,057 B1 to Forslow. 

US patent no. 6,289,462 B1 to McNabb et al. 

US patent application publication no. 2005/0198412 A1 to Pedersen et al. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ABDULHAKIM NOBAHAR whose telephone number is 
(571)272-3808. The examiner can normally be reached on M-T 8-6. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Abdulhakim Nobahar/ 
Examiner, Art Unit 2132 

March 25, 2008 



/Benjamin E Lanier/ 

Primary Examiner, Art Unit 2132 



